aboutsummaryrefslogtreecommitdiff
path: root/pdf-as-web
diff options
context:
space:
mode:
Diffstat (limited to 'pdf-as-web')
-rw-r--r--pdf-as-web/build.gradle11
-rw-r--r--pdf-as-web/src/main/configuration/pdf-as-web.properties1
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java5
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java86
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java9
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java80
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java16
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java15
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java19
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java24
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java14
-rw-r--r--pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java8
-rw-r--r--pdf-as-web/src/main/resources/META-INF/context.xml3
-rw-r--r--pdf-as-web/src/main/webapp/WEB-INF/web.xml4
14 files changed, 179 insertions, 116 deletions
diff --git a/pdf-as-web/build.gradle b/pdf-as-web/build.gradle
index f5843650..3123668d 100644
--- a/pdf-as-web/build.gradle
+++ b/pdf-as-web/build.gradle
@@ -56,8 +56,7 @@ dependencies {
api project (':pdf-as-web-status')
api project (':pdf-as-web-statistic-api')
api project (':pdf-as-pdfbox-2')
- api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.4'
- // Upgrade dependency of commons-fileupload from 2.2 to 2.8.0 to avoid CVE-2021-29425
+ api group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
api group: 'commons-io', name: 'commons-io', version: '2.11.0'
api group: 'opensymphony', name: 'sitemesh', version: '2.4.2'
api group: 'javax.xml.bind', name: 'jaxb-api', version: '2.3.1'
@@ -69,12 +68,12 @@ dependencies {
api 'org.apache.cxf:cxf-rt-transports-http:3.5.5'
api 'org.apache.cxf:cxf-rt-frontend-jaxws:3.5.5'
api 'com.thetransactioncompany:cors-filter:2.10'
- api 'ch.qos.logback:logback-classic:1.2.11'
- api 'ch.qos.logback:logback-core:1.2.11'
- api 'org.json:json:20220924'
+ api 'ch.qos.logback:logback-classic:1.2.12'
+ api 'ch.qos.logback:logback-core:1.2.12'
+ api 'org.json:json:20230227'
api group: 'javax.jws', name: 'javax.jws-api', version: '1.1'
compileOnly 'javax.servlet:javax.servlet-api:3.0.1'
- testRuntime 'org.springframework:spring-test:5.2.22.RELEASE'
+ testImplementation 'org.springframework:spring-test:5.3.28'
}
diff --git a/pdf-as-web/src/main/configuration/pdf-as-web.properties b/pdf-as-web/src/main/configuration/pdf-as-web.properties
index 556fd667..fe6c9576 100644
--- a/pdf-as-web/src/main/configuration/pdf-as-web.properties
+++ b/pdf-as-web/src/main/configuration/pdf-as-web.properties
@@ -51,6 +51,7 @@ whitelist.enabled=true
whitelist.url.01=^.*$
public.url=http://localhost:8080/pdf-as-web
+#public.data.url=http://localhost:8088/pdf-as-web
#Request Store
# Default In Memory Store
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
index 1fffb17d..81b60131 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/config/WebConfiguration.java
@@ -39,6 +39,7 @@ import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
public class WebConfiguration implements IConfigurationConstants {
public static final String PUBLIC_URL = "public.url";
+ public static final String PUBLIC_DATA_URL = "public.data.url";
public static final String LOCAL_BKU_ENABLED = "bku.sign.enabled";
public static final String ONLINE_BKU_ENABLED = "moc.sign.enabled";
public static final String MOBILE_BKU_ENABLED = "mobile.sign.enabled";
@@ -226,6 +227,10 @@ public class WebConfiguration implements IConfigurationConstants {
return properties.getProperty(PUBLIC_URL);
}
+ public static String getPublicDataURL() {
+ return properties.getProperty(PUBLIC_DATA_URL);
+ }
+
public static String getLocalBKUURL() {
if(getLocalBKUEnabled()) {
String overwrite = properties.getProperty(CONFIG_BKU_URL);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java
index 675b1d6b..5d1abc15 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/ExceptionCatchFilter.java
@@ -24,7 +24,9 @@
package at.gv.egiz.pdfas.web.filter;
import java.io.IOException;
+import java.util.Collections;
import java.util.Enumeration;
+import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -34,26 +36,47 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.MDC;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
+import com.beust.jcommander.Strings;
+import com.beust.jcommander.internal.Lists;
+
+import lombok.extern.slf4j.Slf4j;
/**
* Servlet Filter implementation class ExceptionCatchFilter
*/
+@Slf4j
public class ExceptionCatchFilter implements Filter {
- private static final Logger logger = LoggerFactory.getLogger(ExceptionCatchFilter.class);
-
+ List<String> statelessPaths;
+
/**
* Default constructor.
*/
public ExceptionCatchFilter() {
}
+ /**
+ * @see Filter#init(FilterConfig)
+ */
+ public void init(FilterConfig fConfig) throws ServletException {
+ String statelessConfigStrings = fConfig.getInitParameter("statelessServlets");
+ if (statelessConfigStrings != null) {
+ statelessPaths = Lists.newArrayList(StringUtils.split(statelessConfigStrings, ","));
+
+ } else {
+ statelessPaths = Collections.emptyList();
+
+ }
+ log.info("Stateless paths set to: {}", Strings.join(", ", statelessPaths));
+
+ }
+
+
/**
* @see Filter#destroy()
*/
@@ -68,12 +91,15 @@ public class ExceptionCatchFilter implements Filter {
try {
if (request instanceof HttpServletRequest) {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- MDC.put("SESSION_ID", httpRequest.getSession().getId());
- logger.debug("Processing Parameters into Attributes");
- logger.warn("Access from IP {}", getClientIpAddr(httpRequest));
-
- PdfAsHelper.logAccess(httpRequest);
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+ HttpSession session = httpRequest.getSession(isStatefull(httpRequest.getServletPath()));
+ String sessionId = session != null ? session.getId() : "-";
+ MDC.put("SESSION_ID", sessionId);
+ log.info("Access from IP: {}", getClientIpAddr(httpRequest));
+ log.info("Access to: {} in Session: {}", httpRequest.getServletPath(), sessionId);
+
+ log.debug("Processing Parameters into Attributes");
@SuppressWarnings("unchecked")
Enumeration<String> parameterNames = httpRequest.getParameterNames();
while (parameterNames.hasMoreElements()) {
@@ -85,33 +111,41 @@ public class ExceptionCatchFilter implements Filter {
try {
chain.doFilter(request, response);
+
} finally {
- if (response != null) {
- if (response instanceof HttpServletResponse) {
- HttpServletResponse resp = (HttpServletResponse) response;
- logger.debug("Got response status: {}", resp.getStatus());
- } else {
- logger.warn("Response is not a HttpServletResponse!");
- }
- } else {
- logger.warn("Response is not a HttpServletResponse!");
+ if (response instanceof HttpServletResponse) {
+ HttpServletResponse resp = (HttpServletResponse) response;
+ log.debug("Got response status: {}", resp.getStatus());
+
+ } else {
+ log.warn("Response is not a HttpServletResponse!");
+
}
}
} catch (Throwable e) {
- logger.error("Unhandled exception found", e);
+ log.error("Unhandled exception found", e);
throw new ServletException(e.getMessage());
+
} finally {
MDC.remove("SESSION_ID");
+
}
/*
* } catch(Throwable e) {
* System.err.println("Unhandled Exception found!");
* e.printStackTrace(System.err);
- * logger.error("Unhandled Exception found!", e); }
+ * log.error("Unhandled Exception found!", e); }
*/
}
- public static String getClientIpAddr(HttpServletRequest request) {
+ private boolean isStatefull(String contextPath) {
+ boolean statefull = !statelessPaths.contains(contextPath);
+ log.trace("ServletPath: {} is marked as {}", contextPath, statefull ? "statefull" : "stateless");
+ return statefull;
+
+ }
+
+ public static String getClientIpAddr(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
@@ -131,10 +165,4 @@ public class ExceptionCatchFilter implements Filter {
return ip;
}
- /**
- * @see Filter#init(FilterConfig)
- */
- public void init(FilterConfig fConfig) throws ServletException {
- }
-
}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java
index 504cf472..ef7d391d 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/filter/UserAgentFilter.java
@@ -10,14 +10,11 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class UserAgentFilter implements Filter {
- private static final Logger logger = LoggerFactory
- .getLogger(UserAgentFilter.class);
-
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// TODO Auto-generated method stub
@@ -37,7 +34,7 @@ public class UserAgentFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
if(request instanceof HttpServletRequest) {
- logger.debug("Processing Parameters into Attributes");
+ log.debug("Processing Parameters into Attributes");
HttpServletRequest httpRequest = (HttpServletRequest)request;
requestUserAgent.set(httpRequest.getHeader("User-Agent"));
}
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
index 35b5a7ce..9900dda4 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsHelper.java
@@ -161,7 +161,9 @@ public class PdfAsHelper {
reloadConfig();
}
- public static void init() {
+ public static void init() {
+ JsonSecurityUtils.getInstance();
+
log.info("PDF-AS Helper initialized");
}
@@ -536,7 +538,9 @@ public class PdfAsHelper {
// set Signature Position
signParameter.setSignaturePosition(documentToSign.getPosition());
-
+ signParameter.setPlaceHolderId(documentToSign.getPlaceHolderId());
+ signParameter.setPlaceHolderSearchEnabled(documentToSign.isPlaceholderSearchEnabled());
+
// Set Preprocessor
if (coreParams.getPreprocessor() != null) {
signParameter.setPreprocessorArguments(coreParams.getPreprocessor());
@@ -549,8 +553,7 @@ public class PdfAsHelper {
PDFASVerificationResponse verResponse = new PDFASVerificationResponse();
- verResponse.setSignerCertificate(signResult.getSignerCertificate()
- .getEncoded());
+ verResponse.setSignerCertificate(signResult.getSignerCertificate().getEncoded());
SignedDocument signPdfDoc = SignedDocument.builder()
@@ -660,7 +663,8 @@ public class PdfAsHelper {
// set Signature Position
signParameter.setSignaturePosition(pdfToSign.getPosition());
-
+ signParameter.setPlaceHolderId(pdfToSign.getPlaceHolderId());
+ signParameter.setPlaceHolderSearchEnabled(pdfToSign.isPlaceholderSearchEnabled());
signParameter.setDynamicSignatureBlockArguments(coreSignParams.getSignatureBlockParameters());
return pdfAs.startSign(signParameter);
@@ -787,12 +791,6 @@ public class PdfAsHelper {
PdfAsHelper.process(request, response, context);
}
- public static void logAccess(HttpServletRequest request) {
- HttpSession session = request.getSession();
- log.info("Access to " + request.getServletPath() + " in Session: "
- + session.getId());
- }
-
public static JSONStartResponse startJsonProcess(HttpServletRequest request,
HttpServletResponse response, ServletContext context)
throws Exception {
@@ -907,6 +905,10 @@ public class PdfAsHelper {
JsonObject sl20Req = null;
String reqId = UUID.randomUUID().toString();
if (WebConfiguration.isSL20SigningEnabled()) {
+ if (joseTools == null) {
+ throw new PdfAsException("error.config.sl20.01");
+ }
+
String signedCertCommand = SL20JSONBuilderUtils.createSignedCommand(
SL20Constants.SL20_COMMAND_IDENTIFIER_GETCERTIFICATE, getCertParams, joseTools);
sl20Req = SL20JSONBuilderUtils.createGenericRequest(reqId, null, null, signedCertCommand);
@@ -1361,29 +1363,35 @@ public class PdfAsHelper {
private static String generateURL(HttpServletRequest request,
HttpServletResponse response, String Servlet) {
- HttpSession session = request.getSession();
- String publicURL = WebConfiguration.getPublicURL();
- String dataURL = null;
- if (publicURL != null) {
- dataURL = publicURL + Servlet + ";jsessionid=" + session.getId();
- } else {
- if ((request.getScheme().equals("http") && request.getServerPort() == 80)
- || (request.getScheme().equals("https") && request
- .getServerPort() == 443)) {
- dataURL = request.getScheme() + "://" + request.getServerName()
- + request.getContextPath() + Servlet + ";jsessionid="
- + session.getId();
- } else {
- dataURL = request.getScheme() + "://" + request.getServerName()
- + ":" + request.getServerPort()
- + request.getContextPath() + Servlet + ";jsessionid="
- + session.getId();
- }
- }
- log.debug("Generated URL: " + dataURL);
- return dataURL;
+ return generateURL(request, response, Servlet, WebConfiguration.getPublicURL());
+
}
+ private static String generateURL(HttpServletRequest request,
+ HttpServletResponse response, String Servlet, String publicURL) {
+ HttpSession session = request.getSession();
+ String dataURL = null;
+ if (publicURL != null) {
+ dataURL = publicURL + Servlet + ";jsessionid=" + session.getId();
+ } else {
+ if ((request.getScheme().equals("http") && request.getServerPort() == 80)
+ || (request.getScheme().equals("https") && request
+ .getServerPort() == 443)) {
+ dataURL = request.getScheme() + "://" + request.getServerName()
+ + request.getContextPath() + Servlet + ";jsessionid="
+ + session.getId();
+ } else {
+ dataURL = request.getScheme() + "://" + request.getServerName()
+ + ":" + request.getServerPort()
+ + request.getContextPath() + Servlet + ";jsessionid="
+ + session.getId();
+ }
+ }
+ log.debug("Generated URL: " + dataURL);
+ return dataURL;
+ }
+
+
public static void regenerateSession(HttpServletRequest request) {
request.getSession(false).invalidate();
request.getSession(true);
@@ -1391,12 +1399,16 @@ public class PdfAsHelper {
public static String generateDataURLSL20(HttpServletRequest request,
HttpServletResponse response) {
- return generateURL(request, response, PDF_SL20_DATAURL_PAGE);
+ return generateURL(request, response, PDF_SL20_DATAURL_PAGE,
+ WebConfiguration.getPublicDataURL() != null
+ ? WebConfiguration.getPublicDataURL() : WebConfiguration.getPublicURL());
}
public static String generateDataURL(HttpServletRequest request,
HttpServletResponse response) {
- return generateURL(request, response, PDF_DATAURL_PAGE);
+ return generateURL(request, response, PDF_DATAURL_PAGE,
+ WebConfiguration.getPublicDataURL() != null
+ ? WebConfiguration.getPublicDataURL() : WebConfiguration.getPublicURL());
}
public static String generateProvideURL(HttpServletRequest request,
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
index 31fbf46d..1ed85e98 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/helper/PdfAsParameterExtractor.java
@@ -30,11 +30,13 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
-import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
+import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel;
+
public class PdfAsParameterExtractor {
public static final String PARAM_CONNECTOR = "connector";
@@ -118,6 +120,16 @@ public class PdfAsParameterExtractor {
return (String)request.getAttribute(IConfigurationConstants.PLACEHOLDER_WEB_ID);
}
+ public static boolean isPlaceholderSearchEnabled(HttpServletRequest request) {
+ String value = (String)request.getAttribute(IConfigurationConstants.PLACEHOLDER_WEB_ENABLED);
+ if (StringUtils.isNotEmpty(value)) {
+ return Boolean.valueOf(value);
+
+ } else {
+ return true;
+ }
+ }
+
public static String getTransactionId(HttpServletRequest request) {
String transactionId = (String)request.getAttribute(PARAM_TRANSACTION_ID);
return transactionId;
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
index 72128a9c..42236f5e 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ErrorPage.java
@@ -42,8 +42,8 @@ import at.gv.egiz.pdfas.web.helper.HTMLFormater;
import at.gv.egiz.pdfas.web.helper.PdfAsHelper;
import at.gv.egiz.pdfas.web.helper.UrlParameterExtractor;
import at.gv.egiz.pdfas.web.stats.StatisticEvent;
-import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
import at.gv.egiz.pdfas.web.stats.StatisticEvent.Status;
+import at.gv.egiz.pdfas.web.stats.StatisticFrontend;
/**
* Servlet implementation class ErrorPage
@@ -116,11 +116,14 @@ public class ErrorPage extends HttpServlet {
String template = PdfAsHelper.getErrorRedirectTemplateSL();
URL url = new URL(errorURL);
- String errorURLProcessed = url.getProtocol() + "://" + // "http" + "://
- url.getHost() + // "myhost"
- ":" + // ":"
- url.getPort() + // "8080"
- url.getPath();
+ String errorURLProcessed = url.getProtocol() + "://" + url.getHost();
+ if (url.getPort() != -1) {
+ errorURLProcessed += ":" + url.getPort();
+
+ }
+
+ errorURLProcessed += url.getPath();
+
template = template.replace("##ERROR_URL##", errorURLProcessed);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
index 898e44e2..957614b1 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/ExternSignServlet.java
@@ -46,10 +46,8 @@ import at.gv.egiz.pdfas.common.exceptions.PDFASError;
import at.gv.egiz.pdfas.common.exceptions.PdfAsException;
import at.gv.egiz.pdfas.common.exceptions.PdfAsSettingsValidationException;
import at.gv.egiz.pdfas.common.settings.ISettings;
-import at.gv.egiz.pdfas.lib.api.IConfigurationConstants;
import at.gv.egiz.pdfas.lib.api.PdfAsFactory;
import at.gv.egiz.pdfas.lib.api.verify.VerifyParameter.SignatureVerificationLevel;
-import at.gv.egiz.pdfas.lib.impl.configuration.PlaceholderWebConfiguration;
import at.gv.egiz.pdfas.web.config.WebConfiguration;
import at.gv.egiz.pdfas.web.exception.PdfAsWebException;
import at.gv.egiz.pdfas.web.filter.UserAgentFilter;
@@ -346,20 +344,6 @@ public class ExternSignServlet extends HttpServlet {
String responseMode = PdfAsParameterExtractor.getResonseMode(request);
PdfAsHelper.setResponseMode(request, response, responseMode);
-
- //read and set placholder web id
- try{
- String placeholder_id = PdfAsParameterExtractor.getPlaceholderId(request);
- if(org.apache.commons.lang3.StringUtils.isNotEmpty(placeholder_id)) {
- PlaceholderWebConfiguration.setValue(IConfigurationConstants.PLACEHOLDER_WEB_ID, placeholder_id);
- } else {
- PlaceholderWebConfiguration.clear();
- }
-
- } catch(Exception e) {
- log.error(e.getLocalizedMessage());
- }
-
String filename = PdfAsParameterExtractor.getFilename(request);
if(filename != null) {
log.debug("Setting Filename in session: " + filename);
@@ -395,6 +379,9 @@ public class ExternSignServlet extends HttpServlet {
document.setInputData(pdfData);
document.setPosition(PdfAsHelper.buildPosString(request, response));
document.setProfile(PdfAsParameterExtractor.getSigType(request));
+ document.setPlaceHolderId(PdfAsParameterExtractor.getPlaceholderId(request));
+ log.debug("Add placeholderId: {} into process information", document.getPlaceHolderId());
+ document.setPlaceholderSearchEnabled(PdfAsParameterExtractor.isPlaceholderSearchEnabled(request));
document.setQrCodeContent(qrcodeContent);
document.setFileName(PdfAsHelper.getPDFFileName(request));
data.addDocumentToSign(document);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
index bf45745d..96d02f16 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PDFData.java
@@ -26,6 +26,8 @@ package at.gv.egiz.pdfas.web.servlets;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.zip.Deflater;
@@ -37,6 +39,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import at.gv.egiz.pdfas.api.processing.PdfasSignResponse;
import at.gv.egiz.pdfas.api.processing.SignedDocument;
import at.gv.egiz.pdfas.api.ws.PDFASVerificationResponse;
import at.gv.egiz.pdfas.web.config.WebConfiguration;
@@ -85,7 +88,15 @@ public class PDFData extends HttpServlet {
protected void process(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
- if (PdfAsHelper.getPdfSigningResponse(request).getSignedPdfs().isEmpty()) {
+ PdfasSignResponse resultObject = PdfAsHelper.getPdfSigningResponse(request);
+
+ if (resultObject == null) {
+ log.warn("No data for session with Id: {}", request.getSession().getId());
+ PdfAsHelper.setSessionException(request, response,
+ "No signed pdf document available.", null);
+ PdfAsHelper.gotoError(getServletContext(), request, response);
+
+ } else if (resultObject.getSignedPdfs().isEmpty()) {
log.info("No signed pdf document available.");
PdfAsHelper.setSessionException(request, response,
"No signed pdf document available.", null);
@@ -136,7 +147,7 @@ public class PDFData extends HttpServlet {
}
// build response
- response.setHeader("Content-Disposition", "inline;filename=multiple_documents.zip");
+ response.setHeader("Content-Disposition", "inline;filename=\"multiple_documents.zip\"");
response.setContentType("application/zip");
final OutputStream os = response.getOutputStream();
@@ -225,8 +236,13 @@ public class PDFData extends HttpServlet {
return;
}
}
- response.setHeader("Content-Disposition", "inline;filename="
- + PdfAsHelper.getPDFFileName(request));
+ response.setHeader("Content-Disposition", "inline;filename=\""
+ + PdfAsHelper.getPDFFileName(request) + "\"");
+
+ response.setHeader("X-FILENAME-BASE64URL",
+ Base64.getUrlEncoder().encodeToString(
+ PdfAsHelper.getPDFFileName(request).getBytes(StandardCharsets.UTF_8)));
+
final String pdfCert = signedFile.getSignerCertificate();
if (pdfCert != null) {
response.setHeader("Signer-Certificate", pdfCert);
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java
index f054db6a..b07293b1 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/PlaceholderGeneratorServlet.java
@@ -32,6 +32,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
public static final String PARAM_ID = "id";
public static final String PARAM_PROFILE = "profile";
+ public static final String PARAM_LANG = "lang";
public static final String PARAM_WIDTH = "w";
public static final String PARAM_HEIGHT = "h";
public static final String PARAM_BORDER = "b";
@@ -62,6 +63,8 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
String id = req.getParameter(PARAM_ID);
String profile = req.getParameter(PARAM_PROFILE);
+ String lang = req.getParameter(PARAM_LANG) != null ? req.getParameter(PARAM_LANG) : "DE";
+
String buildString = QR_PLACEHOLDER_IDENTIFIER;
@@ -86,7 +89,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
if(profile != null && !profile.isEmpty()) {
buildString = buildString + ";" + SignaturePlaceholderData.PROFILE_KEY + "=" + profile;
- if(profile.endsWith("_EN")) {
+ if(lang.equalsIgnoreCase("EN")) {
baseImage = "/img/PLACEHOLDER-SIG_EN.png";
filename = filename + "_en";
} else {
@@ -103,7 +106,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
// default values set for pdf-as wai on buergerkarte.at
int height = 60;
int width = 300;
- int border = 2;
+ int border = 1;
if(req.getParameter(PARAM_HEIGHT) != null) {
try {
@@ -132,7 +135,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
}
}
- int qrSize = height - ( 2 * border);
+ int qrSize = height - (border);
InputStream is = this.getClass().getClassLoader().getResourceAsStream(baseImage);
if(is == null) {
@@ -146,6 +149,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
// generate QR code
try {
QRCodeGenerator.generateQRCode(buildString, baos, qrSize);
+
} catch (WriterException e) {
logger.warn("Failed to generate QR Code for placeholder generation", e);
resp.sendError(HttpStatus.SC_INTERNAL_SERVER_ERROR);
@@ -161,7 +165,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
Graphics g = off_Image.getGraphics();
g.setColor(Color.WHITE);
g.fillRect(0, 0, width, height);
- g.fillRect(border, border, width - (2 * border), height - (2 * border));
+ //g.fillRect(border, border, width - (2 * border), height - (2 * border));
//g.drawImage(base, 0, 0, 250, 98, 0, 0, base.getWidth(), base.getHeight(), null);
g.drawImage(qr, border, border, qrSize + border, qrSize + border, 0, 0, qr.getWidth(), qr.getHeight(), null);
@@ -180,7 +184,7 @@ public class PlaceholderGeneratorServlet extends HttpServlet implements Placehol
int start = (height - textHeight) / 2;
- if(profile != null && profile.endsWith("_EN")) {
+ if(lang.equalsIgnoreCase("EN")) {
g.drawString("placeholder for the", qrSize + ( 3 * border), start + lineSpace);
g.drawString("electronic signature", qrSize + ( 3 * border), start + (2 * lineSpace));
} else {
diff --git a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java
index 71395304..ca005abe 100644
--- a/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java
+++ b/pdf-as-web/src/main/java/at/gv/egiz/pdfas/web/servlets/SoapServiceServlet.java
@@ -5,20 +5,12 @@ import javax.xml.ws.Endpoint;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
-import org.apache.cxf.feature.LoggingFeature;
-import org.apache.cxf.interceptor.LoggingInInterceptor;
-import org.apache.cxf.interceptor.LoggingOutInterceptor;
import org.apache.cxf.transport.servlet.CXFNonSpringServlet;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import at.gv.egiz.pdfas.web.ws.PDFASSigningImpl;
import at.gv.egiz.pdfas.web.ws.PDFASVerificationImpl;
public class SoapServiceServlet extends CXFNonSpringServlet {
-
- private static final Logger logger = LoggerFactory
- .getLogger(SoapServiceServlet.class);
/**
*
diff --git a/pdf-as-web/src/main/resources/META-INF/context.xml b/pdf-as-web/src/main/resources/META-INF/context.xml
new file mode 100644
index 00000000..716b2233
--- /dev/null
+++ b/pdf-as-web/src/main/resources/META-INF/context.xml
@@ -0,0 +1,3 @@
+<Context>
+ <CookieProcessor sameSiteCookies="none" />
+</Context> \ No newline at end of file
diff --git a/pdf-as-web/src/main/webapp/WEB-INF/web.xml b/pdf-as-web/src/main/webapp/WEB-INF/web.xml
index 7920ad91..46ae8272 100644
--- a/pdf-as-web/src/main/webapp/WEB-INF/web.xml
+++ b/pdf-as-web/src/main/webapp/WEB-INF/web.xml
@@ -12,6 +12,10 @@
<display-name>ExceptionCatchFilter</display-name>
<description></description>
<filter-class>at.gv.egiz.pdfas.web.filter.ExceptionCatchFilter</filter-class>
+ <init-param>
+ <param-name>statelessServlets</param-name>
+ <param-value>/placeholder,/visblock</param-value>
+ </init-param>
</filter>
<filter>
<filter-name>UserAgentFilter</filter-name>